2019-02-15 15:39:39 +05:30
# frozen_string_literal: true
require 'spec_helper'
2020-07-28 23:09:34 +05:30
RSpec . describe Gitlab :: Checks :: BranchCheck do
2019-02-15 15:39:39 +05:30
include_context 'change access checks context'
describe '#validate!' do
it 'does not raise any error' do
expect { subject . validate! } . not_to raise_error
end
context 'trying to delete the default branch' do
let ( :newrev ) { '0000000000000000000000000000000000000000' }
let ( :ref ) { 'refs/heads/master' }
it 'raises an error' do
2020-04-08 14:13:33 +05:30
expect { subject . validate! } . to raise_error ( Gitlab :: GitAccess :: ForbiddenError , 'The default branch of a project cannot be deleted.' )
2019-02-15 15:39:39 +05:30
end
end
2020-08-18 19:51:02 +05:30
context " prohibited branches check " do
it " prohibits 40-character hexadecimal branch names " do
allow ( subject ) . to receive ( :branch_name ) . and_return ( " 267208abfe40e546f5e847444276f7d43a39503e " )
expect { subject . validate! } . to raise_error ( Gitlab :: GitAccess :: ForbiddenError , " You cannot create a branch with a 40-character hexadecimal branch name. " )
end
2023-05-08 21:46:49 +05:30
it " prohibits 40-character hexadecimal branch names as the start of a path " do
allow ( subject ) . to receive ( :branch_name ) . and_return ( " 267208abfe40e546f5e847444276f7d43a39503e/test " )
expect { subject . validate! } . to raise_error ( Gitlab :: GitAccess :: ForbiddenError , " You cannot create a branch with a 40-character hexadecimal branch name. " )
end
2023-09-09 17:08:58 +05:30
it " prohibits 40-character hexadecimal branch names followed by a dash as the start of a path " do
allow ( subject ) . to receive ( :branch_name ) . and_return ( " 267208abfe40e546f5e847444276f7d43a39503e-/test " )
expect { subject . validate! } . to raise_error ( Gitlab :: GitAccess :: ForbiddenError , " You cannot create a branch with a 40-character hexadecimal branch name. " )
end
2020-08-18 19:51:02 +05:30
it " doesn't prohibit a nested hexadecimal in a branch name " do
2023-05-08 21:46:49 +05:30
allow ( subject ) . to receive ( :branch_name ) . and_return ( " 267208abfe40e546f5e847444276f7d43a39503e-fix " )
2020-08-18 19:51:02 +05:30
expect { subject . validate! } . not_to raise_error
end
2021-12-07 22:27:20 +05:30
context " deleting a hexadecimal branch " do
let ( :newrev ) { " 0000000000000000000000000000000000000000 " }
let ( :ref ) { " refs/heads/267208abfe40e546f5e847444276f7d43a39503e " }
it " doesn't prohibit the deletion of a hexadecimal branch name " do
expect { subject . validate! } . not_to raise_error
end
end
2020-08-18 19:51:02 +05:30
end
2019-02-15 15:39:39 +05:30
context 'protected branches check' do
before do
allow ( ProtectedBranch ) . to receive ( :protected? ) . with ( project , 'master' ) . and_return ( true )
allow ( ProtectedBranch ) . to receive ( :protected? ) . with ( project , 'feature' ) . and_return ( true )
end
it 'raises an error if the user is not allowed to do forced pushes to protected branches' do
expect ( Gitlab :: Checks :: ForcePush ) . to receive ( :force_push? ) . and_return ( true )
2020-04-08 14:13:33 +05:30
expect { subject . validate! } . to raise_error ( Gitlab :: GitAccess :: ForbiddenError , 'You are not allowed to force push code to a protected branch on this project.' )
2019-02-15 15:39:39 +05:30
end
it 'raises an error if the user is not allowed to merge to protected branches' do
2020-01-01 13:55:28 +05:30
expect_next_instance_of ( Gitlab :: Checks :: MatchingMergeRequest ) do | instance |
expect ( instance ) . to receive ( :match? ) . and_return ( true )
end
2019-02-15 15:39:39 +05:30
expect ( user_access ) . to receive ( :can_merge_to_branch? ) . and_return ( false )
expect ( user_access ) . to receive ( :can_push_to_branch? ) . and_return ( false )
2020-04-08 14:13:33 +05:30
expect { subject . validate! } . to raise_error ( Gitlab :: GitAccess :: ForbiddenError , 'You are not allowed to merge code into protected branches on this project.' )
2019-02-15 15:39:39 +05:30
end
it 'raises an error if the user is not allowed to push to protected branches' do
expect ( user_access ) . to receive ( :can_push_to_branch? ) . and_return ( false )
2020-04-08 14:13:33 +05:30
expect { subject . validate! } . to raise_error ( Gitlab :: GitAccess :: ForbiddenError , 'You are not allowed to push code to protected branches on this project.' )
2019-02-15 15:39:39 +05:30
end
2021-04-17 20:07:23 +05:30
context 'when user has push access' do
before do
allow ( user_access )
. to receive ( :can_push_to_branch? )
. and_return ( true )
end
context 'if protected branches is allowed to force push' do
before do
allow ( ProtectedBranch )
. to receive ( :allow_force_push? )
. with ( project , 'master' )
. and_return ( true )
end
it 'allows force push' do
expect ( Gitlab :: Checks :: ForcePush ) . to receive ( :force_push? ) . and_return ( true )
expect { subject . validate! } . not_to raise_error
end
end
context 'if protected branches is not allowed to force push' do
before do
allow ( ProtectedBranch )
. to receive ( :allow_force_push? )
. with ( project , 'master' )
. and_return ( false )
end
it 'prevents force push' do
expect ( Gitlab :: Checks :: ForcePush ) . to receive ( :force_push? ) . and_return ( true )
2022-07-16 23:28:13 +05:30
expect { subject . validate! } . to raise_error ( Gitlab :: GitAccess :: ForbiddenError )
2021-04-17 20:07:23 +05:30
end
end
end
context 'when user does not have push access' do
before do
allow ( user_access )
. to receive ( :can_push_to_branch? )
. and_return ( false )
end
context 'if protected branches is allowed to force push' do
before do
allow ( ProtectedBranch )
. to receive ( :allow_force_push? )
. with ( project , 'master' )
. and_return ( true )
end
it 'prevents force push' do
expect ( Gitlab :: Checks :: ForcePush ) . to receive ( :force_push? ) . and_return ( true )
2022-07-16 23:28:13 +05:30
expect { subject . validate! } . to raise_error ( Gitlab :: GitAccess :: ForbiddenError )
2021-04-17 20:07:23 +05:30
end
end
context 'if protected branches is not allowed to force push' do
before do
allow ( ProtectedBranch )
. to receive ( :allow_force_push? )
. with ( project , 'master' )
. and_return ( false )
end
it 'prevents force push' do
expect ( Gitlab :: Checks :: ForcePush ) . to receive ( :force_push? ) . and_return ( true )
2022-07-16 23:28:13 +05:30
expect { subject . validate! } . to raise_error ( Gitlab :: GitAccess :: ForbiddenError )
2021-04-17 20:07:23 +05:30
end
end
end
2019-02-15 15:39:39 +05:30
context 'when project repository is empty' do
let ( :project ) { create ( :project ) }
2019-07-07 11:18:12 +05:30
context 'user is not allowed to push to protected branches' do
before do
allow ( user_access )
. to receive ( :can_push_to_branch? )
. and_return ( false )
end
it 'raises an error' do
2020-04-08 14:13:33 +05:30
expect { subject . validate! } . to raise_error ( Gitlab :: GitAccess :: ForbiddenError , / Ask a project Owner or Maintainer to create a default branch / )
2019-07-07 11:18:12 +05:30
end
end
context 'user is allowed to push to protected branches' do
before do
allow ( user_access )
. to receive ( :can_push_to_branch? )
. and_return ( true )
end
it 'allows branch creation' do
expect { subject . validate! } . not_to raise_error
end
end
end
context 'branch creation' do
let ( :oldrev ) { '0000000000000000000000000000000000000000' }
let ( :ref ) { 'refs/heads/feature' }
2019-07-31 22:56:46 +05:30
context 'user can push to branch' do
2019-07-07 11:18:12 +05:30
before do
2019-07-31 22:56:46 +05:30
allow ( user_access )
. to receive ( :can_push_to_branch? )
. with ( 'feature' )
. and_return ( true )
2019-07-07 11:18:12 +05:30
end
2019-07-31 22:56:46 +05:30
it 'does not raise an error' do
expect { subject . validate! } . not_to raise_error
2019-07-07 11:18:12 +05:30
end
2019-07-31 22:56:46 +05:30
end
2019-07-07 11:18:12 +05:30
2019-07-31 22:56:46 +05:30
context 'user cannot push to branch' do
before do
allow ( user_access )
. to receive ( :can_push_to_branch? )
. with ( 'feature' )
. and_return ( false )
2019-07-07 11:18:12 +05:30
end
2019-02-15 15:39:39 +05:30
2019-07-31 22:56:46 +05:30
context 'user cannot merge to branch' do
2019-07-07 11:18:12 +05:30
before do
allow ( user_access )
2019-07-31 22:56:46 +05:30
. to receive ( :can_merge_to_branch? )
2019-07-07 11:18:12 +05:30
. with ( 'feature' )
2019-07-31 22:56:46 +05:30
. and_return ( false )
2019-07-07 11:18:12 +05:30
end
2019-07-31 22:56:46 +05:30
it 'raises an error' do
2020-04-08 14:13:33 +05:30
expect { subject . validate! } . to raise_error ( Gitlab :: GitAccess :: ForbiddenError , 'You are not allowed to create protected branches on this project.' )
2019-07-07 11:18:12 +05:30
end
end
2019-07-31 22:56:46 +05:30
context 'user can merge to branch' do
2019-07-07 11:18:12 +05:30
before do
allow ( user_access )
2019-07-31 22:56:46 +05:30
. to receive ( :can_merge_to_branch? )
2019-07-07 11:18:12 +05:30
. with ( 'feature' )
2019-07-31 22:56:46 +05:30
. and_return ( true )
allow ( project . repository )
. to receive ( :branch_names_contains_sha )
. with ( newrev )
. and_return ( [ 'branch' ] )
2019-07-07 11:18:12 +05:30
end
2019-07-31 22:56:46 +05:30
context " newrev isn't in any protected branches " do
2019-07-07 11:18:12 +05:30
before do
2019-07-31 22:56:46 +05:30
allow ( ProtectedBranch )
. to receive ( :any_protected? )
. with ( project , [ 'branch' ] )
2019-07-07 11:18:12 +05:30
. and_return ( false )
end
it 'raises an error' do
2020-04-08 14:13:33 +05:30
expect { subject . validate! } . to raise_error ( Gitlab :: GitAccess :: ForbiddenError , 'You can only use an existing protected branch ref as the basis of a new protected branch.' )
2019-07-07 11:18:12 +05:30
end
end
2019-07-31 22:56:46 +05:30
context 'newrev is included in a protected branch' do
2019-07-07 11:18:12 +05:30
before do
2019-07-31 22:56:46 +05:30
allow ( ProtectedBranch )
. to receive ( :any_protected? )
. with ( project , [ 'branch' ] )
2019-07-07 11:18:12 +05:30
. and_return ( true )
end
2019-07-31 22:56:46 +05:30
context 'via web interface' do
let ( :protocol ) { 'web' }
2019-07-07 11:18:12 +05:30
2019-07-31 22:56:46 +05:30
it 'allows branch creation' do
expect { subject . validate! } . not_to raise_error
2019-07-07 11:18:12 +05:30
end
end
2019-07-31 22:56:46 +05:30
context 'via SSH' do
it 'raises an error' do
2020-04-08 14:13:33 +05:30
expect { subject . validate! } . to raise_error ( Gitlab :: GitAccess :: ForbiddenError , 'You can only create protected branches using the web interface and API.' )
2019-07-07 11:18:12 +05:30
end
end
end
end
2019-02-15 15:39:39 +05:30
end
end
context 'branch deletion' do
let ( :newrev ) { '0000000000000000000000000000000000000000' }
let ( :ref ) { 'refs/heads/feature' }
context 'if the user is not allowed to delete protected branches' do
it 'raises an error' do
2020-04-08 14:13:33 +05:30
expect { subject . validate! } . to raise_error ( Gitlab :: GitAccess :: ForbiddenError , 'You are not allowed to delete protected branches from this project. Only a project maintainer or owner can delete a protected branch.' )
2019-02-15 15:39:39 +05:30
end
end
context 'if the user is allowed to delete protected branches' do
before do
project . add_maintainer ( user )
end
context 'through the web interface' do
let ( :protocol ) { 'web' }
it 'allows branch deletion' do
expect { subject . validate! } . not_to raise_error
end
end
context 'over SSH or HTTP' do
it 'raises an error' do
2020-04-08 14:13:33 +05:30
expect { subject . validate! } . to raise_error ( Gitlab :: GitAccess :: ForbiddenError , 'You can only delete protected branches using the web interface.' )
2019-02-15 15:39:39 +05:30
end
end
end
end
end
end
end
